<!DOCTYPE html><html lang="zh-CN" data-theme="light"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"><title>Mox的笔记库</title><meta name="keywords" content="Working"><meta name="author" content="MocusEZ"><meta name="copyright" content="MocusEZ"><meta name="format-detection" content="telephone=no"><meta name="theme-color" content="#ffffff"><meta name="description" content="探索未曾设想的道路">
<meta property="og:type" content="website">
<meta property="og:title" content="Mox的笔记库">
<meta property="og:url" content="https://www.mocusez.site/page/2/index.html">
<meta property="og:site_name" content="Mox的笔记库">
<meta property="og:description" content="探索未曾设想的道路">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://www.mocusez.site/img/head.jpg">
<meta property="article:author" content="MocusEZ">
<meta property="article:tag" content="Working">
<meta name="twitter:card" content="summary">
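<meta name="twitter:image" content="https://www.mocusez.site/img/head.jpg">
<link rel="shortcut icon" href="/img/title.jpg">
<link rel="canonical" href="https://www.mocusez.site/page/2/">
<!-- Connection hints for third-party origins. Written with an explicit https: scheme instead of
     protocol-relative URLs, so the hint can never resolve to a plaintext origin. -->
<link rel="preconnect" href="https://cdn.jsdelivr.net">
<link rel="preconnect" href="https://hm.baidu.com">
<link rel="preconnect" href="https://busuanzi.ibruce.info">
<link rel="stylesheet" href="/css/index.css">
<!-- NOTE(review): the two CDN stylesheets below carry no version in the URL and no
     integrity/crossorigin attributes, so whatever the CDN serves under that path is applied
     as-is. Pin an exact version and add SRI, or self-host the files. -->
<!-- media="print" plus the onload swap loads them without blocking rendering; the inline
     onload handler requires 'unsafe-inline' (or hashes) if a Content-Security-Policy is added. -->
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/css/all.min.css" media="print" onload="this.media='all'">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.min.css" media="print" onload="this.media='all'">
<script>
// Analytics loader for hm.baidu.com: creates a <script> element pointing at hm.js (with this
// site's id in the query string) and inserts it before the first <script> in the document.
// NOTE(review): the injected third-party script runs with the same privileges as first-party
// code and is fetched without an integrity check; a CSP would need https://hm.baidu.com in
// script-src.
var _hmt = _hmt || [];
(function() {
  var hm = document.createElement("script");
  hm.src = "https://hm.baidu.com/hm.js?c85c9eaebc158345532b86397a6dded9";
  var s = document.getElementsByTagName("script")[0];
  s.parentNode.insertBefore(hm, s);
})();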
</script><script>const GLOBAL_CONFIG = { 
  // Site-wide settings object, declared as a global in this inline script.
  root: '/',
  algolia: undefined,
  // Local search: index file path plus the "no results" message. The ${query} token sits in an
  // ordinary string, so it is a placeholder for later substitution, not a template literal.
  // NOTE(review): whichever script fills in ${query} must HTML-escape the visitor's search text
  // before it reaches the results markup — confirm against the search script.
  localSearch: {"path":"/search.xml","preload":false,"languages":{"hits_empty":"找不到您查询的内容：${query}"}},
  translate: undefined,
  noticeOutdate: undefined,
  highlight: {"plugin":"highlighjs","highlightCopy":true,"highlightLang":true,"highlightHeightLimit":false},
  // Messages for the copy feature.
  copy: {
    success: '复制成功',
    error: '复制错误',
    noSupport: '浏览器不支持'
  },
  relativeDate: {
    homepage: false,
    post: false
  },
  runtime: '天',
  // Suffixes for relative dates.
  date_suffix: {
    just: '刚刚',
    min: '分钟前',
    hour: '小时前',
    day: '天前',
    month: '个月前'
  },
  copyright: undefined,
  lightbox: 'fancybox',
  Snackbar: undefined,
  // Third-party asset URLs.
  // NOTE(review): these CDN URLs carry no version; if they are fetched at runtime there is
  // presumably no integrity check on them — pin a version or self-host.
  source: {
    justifiedGallery: {
      js: 'https://cdn.jsdelivr.net/npm/flickr-justified-gallery/dist/fjGallery.min.js',
      css: 'https://cdn.jsdelivr.net/npm/flickr-justified-gallery/dist/fjGallery.min.css'
    }
  },
  isPhotoFigcaption: false,
  islazyload: false,
  isAnchor: false
}</script><script id="config-diff">var GLOBAL_CONFIG_SITE = {
  // Per-page settings object; this page is flagged as the home listing, not a post.
  title: 'Mox的笔记库',
  isPost: false,
  isHome: true,
  isHighlightShrink: false,
  isToc: false,
  postUpdate: '2023-10-21 12:23:56'
}</script><noscript><style type="text/css">
  #nav {
    opacity: 1
  }
  .justified-gallery img {
    opacity: 1
  }

  #recent-posts time,
  #post-meta time {
    display: inline !important
  }
</style></noscript><script>(win=>{
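    // Small localStorage wrapper that stores each value together with an expiry timestamp.
    // Stored entries can be changed by any script running on this origin, so callers should
    // treat what get() returns as untrusted input.
    win.saveToLocal = {
      /**
       * Store `value` under `key`, expiring `ttl` days from now.
       * A ttl of exactly 0 means "do not store".
       */
      set: function setWithExpiry(key, value, ttl) {
        if (ttl === 0) return
        const now = new Date()
        const expiryDay = ttl * 86400000 // days -> milliseconds
        const item = {
          value: value,
          expiry: now.getTime() + expiryDay,
        }
        localStorage.setItem(key, JSON.stringify(item))
      },

      /**
       * Return the stored value for `key`, or undefined when the key is missing, expired, or
       * holds something that is not a JSON object. Expired and malformed entries are removed.
       */
      get: function getWithExpiry(key) {
        const itemStr = localStorage.getItem(key)

        if (!itemStr) {
          return undefined
        }

        // A malformed entry used to make JSON.parse (or the .expiry read on null) throw, which
        // aborted the rest of this inline script. Treat such an entry as absent instead.
        let item
        try {
          item = JSON.parse(itemStr)
        } catch (e) {
          item = null
        }
        if (item === null || typeof item !== 'object') {
          localStorage.removeItem(key)
          return undefined
        }

        const now = new Date()

        if (now.getTime() > item.expiry) {
          localStorage.removeItem(key)
          return undefined
        }
        return item.value
      }
    }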
  
    // Load an external script by URL. The promise resolves once the script has loaded and
    // rejects on a load error.
    // NOTE(review): the URL is used as given and no integrity check is applied, so callers
    // should pass only fixed, trusted URLs.
    win.getScript = url => new Promise((resolve, reject) => {
      const el = document.createElement('script')

      // Shared by onload and the legacy onreadystatechange event.
      const onDone = function () {
        const state = this.readyState
        const stillLoading = state && state !== 'loaded' && state !== 'complete'
        if (stillLoading) return
        // Clear both handlers so resolve() cannot fire twice.
        el.onload = el.onreadystatechange = null
        resolve()
      }

      el.src = url
      el.async = true
      el.onerror = reject
      el.onload = el.onreadystatechange = onDone
      document.head.appendChild(el)
    })
  
      // Switch the document to the dark theme and, when a theme-color meta tag exists,
      // set it to the dark colour.
      win.activateDarkMode = function () {
        document.documentElement.setAttribute('data-theme', 'dark')
        const themeMeta = document.querySelector('meta[name="theme-color"]')
        if (themeMeta !== null) {
          themeMeta.setAttribute('content', '#0d0d0d')
        }
      }
      // Switch the document to the light theme and, when a theme-color meta tag exists,
      // set it to the light colour.
      win.activateLightMode = function () {
        document.documentElement.setAttribute('data-theme', 'light')
        const themeMeta = document.querySelector('meta[name="theme-color"]')
        if (themeMeta !== null) {
          themeMeta.setAttribute('content', '#ffffff')
        }
      }
      // Re-apply the visitor's saved preferences from this inline head script. The stored
      // values are only compared against fixed strings and never written into the page.
      const savedTheme = saveToLocal.get('theme')
      switch (savedTheme) {
        case 'dark':
          activateDarkMode()
          break
        case 'light':
          activateLightMode()
          break
        // any other value: keep the theme already set on <html>
      }

      const savedAside = saveToLocal.get('aside-status')
      if (savedAside !== undefined) {
        // 'hide' adds the class; any other stored value removes it.
        document.documentElement.classList.toggle('hide-aside', savedAside === 'hide')
      }
    
    // Add the class 'apple' to the root element when the user-agent string contains
    // iPad, iPhone, iPod or Macintosh. The user agent is only pattern-matched here.
    const detectApple = () => {
      const isApple = /iPad|iPhone|iPod|Macintosh/.test(navigator.userAgent)
      if (isApple) {
        document.documentElement.classList.add('apple')
      }
    }
    detectApple()
    })(window)</script><meta name="generator" content="Hexo 6.2.0"><link rel="alternate" href="/atom.xml" title="Mox的笔记库" type="application/atom+xml">
</head><body><div id="sidebar"><div id="menu-mask"></div><div id="sidebar-menus"><div class="avatar-img is-center"><img src="/img/head.jpg" onerror="onerror=null;src='/img/friend_404.gif'" alt="avatar"/></div><div class="sidebar-site-data site-data is-center"><a href="/archives/"><div class="headline">文章</div><div class="length-num">61</div></a><a href="/tags/"><div class="headline">标签</div><div class="length-num">0</div></a><a href="/categories/"><div class="headline">分类</div><div class="length-num">8</div></a></div><hr/><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 首页</span></a></div><div class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fas fa-archive"></i><span> 归档</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fas fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page" href="/link/"><i class="fa-fw fas fa-link"></i><span> 友链&amp;私人收藏</span></a></div><div class="menus_item"><a class="site-page" href="/board/"><i class="fa-fw fas fa-user"></i><span> 留言板</span></a></div></div></div></div><div class="page" id="body-wrap"><header class="full_page" id="page-header" style="background-image: url('/img/kali-2.0_kali-2.0-1920x1080.png')"><nav id="nav"><span id="blog_name"><a id="site-name" href="/">Mox的笔记库</a></span><div id="menus"><div id="search-button"><a class="site-page social-icon search"><i class="fas fa-search fa-fw"></i><span> 搜索</span></a></div><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 首页</span></a></div><div class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fas fa-archive"></i><span> 归档</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fas fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page" 
href="/link/"><i class="fa-fw fas fa-link"></i><span> 友链&amp;私人收藏</span></a></div><div class="menus_item"><a class="site-page" href="/board/"><i class="fa-fw fas fa-user"></i><span> 留言板</span></a></div></div><div id="toggle-menu"><a class="site-page"><i class="fas fa-bars fa-fw"></i></a></div></div></nav><div id="site-info"><h1 id="site-title">Mox的笔记库</h1><div id="site-subtitle"><span id="subtitle"></span></div><div id="site_social_icons"><a class="social-icon" href="https://github.com/mocusez" rel="external nofollow noreferrer" target="_blank" title="Github"><i class="fab fa-github"></i></a><a class="social-icon" href="mailto:285918468@qq.com" rel="external nofollow noreferrer" target="_blank" title="Email"><i class="fas fa-envelope"></i></a><a class="social-icon" href="/atom.xml" target="_blank" title="RSS"><i class="fas fa-rss"></i></a></div></div><div id="scroll-down"><i class="fas fa-angle-down scroll-down-effects"></i></div></header><main class="layout" id="content-inner"><div class="recent-posts" id="recent-posts"><div class="recent-post-item"><div class="post_cover left"><a href="/posts/ffd4.html" title="202202，困惑，混乱与未曾设想之路"><img class="post_bg" src="https://picx.zhimg.com/80/v2-11300de439ef479fbba4757254557bb5_720w.webp" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="202202，困惑，混乱与未曾设想之路"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/ffd4.html" title="202202，困惑，混乱与未曾设想之路">202202，困惑，混乱与未曾设想之路</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-01-01T16:20:26.000Z" title="发表于 2023-01-02 00:20:26">2023-01-02</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E6%97%A5%E5%B8%B8%E7%AC%94%E8%AE%B0/">日常笔记</a></span></div><div class="content">202202，困惑，混乱与未曾设想之路
他人即地狱
——萨特

2022，从疫情防控中开始，在感染疫情中落下帷幕
当浏览器的OneTab驻留页面清空，时间已经来到了CST 2022.12.31 17：00
然而他没有继续完成这份2022报告，也没有去看某位大人物的新年展望，更没有去看B站的跨年祭，而是去看《IXION 伊克西翁》的游玩记录。在游戏的片尾曲中，在跨年的钟声中，在困惑和希望中迎来了新的一年。


人是万物的尺度
——普罗泰戈拉

回过神来之后，已经是CST 2023.1.1 22：00
由于从2022年2月开始使用滴答清单APP记录情况，今年发生的大部分事务将会被顺利回溯
1月，参加了四叶草举办的长安战疫CTF，给学校的RSShub生成做最后的整理，做了Log4j2 漏洞的相关复现，蛮有意思的。另外，给学校的大创项目上了MicroPython与ESP32，ESP8266 MCU
2月，月初过完春节，月末准备返回学校事项，并准备大创结题的文件材料，大创一大部分有关互联网的服务器组建都是在这时候完成的。由于电脑上的中国特供版本Firefox做出了些超出我预期的事情，决定用Bra ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/posts/2c2e.html" title="2022年Hack the box:Tier1免费区全解"><img class="post_bg" src="https://tse2-mm.cn.bing.net/th/id/OIP-C.FOiYj3Tyj3Bd4IDouzW23wHaDI?pid=ImgDet&amp;rs=1" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="2022年Hack the box:Tier1免费区全解"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/2c2e.html" title="2022年Hack the box:Tier1免费区全解">2022年Hack the box:Tier1免费区全解</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2022-09-27T03:26:26.000Z" title="发表于 2022-09-27 11:26:26">2022-09-27</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95%E7%AC%94%E8%AE%B0/">渗透测试笔记</a></span></div><div class="content">准备考CISP-PTE了，顺带把之前HTB没刷完的starting point一并刷完
Appointment上来先扫一下，80进入

1.What does the acronym SQL stand for?
Structured Query Language
2.What is one of the most common type of SQL vulnerabilities?
sql injection
3.What does PII stand for?
Personally identifiable information
没听说过
4.What does the OWASP Top 10 list name the classification for this vulnerability?
A03:2021-Injection
5.What service and version are running on port 80 of the target?
Apache httpd 2.4.38 ((Debian))
6.What is the standard por ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/posts/c87a.html" title="Navidrome部署记录"><img class="post_bg" src="https://dd-static.jd.com/ddimg/jfs/t1/25609/34/18649/514869/631a048dE626216a2/deba1d9c4705b6de.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Navidrome部署记录"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/c87a.html" title="Navidrome部署记录">Navidrome部署记录</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2022-09-08T15:23:26.000Z" title="发表于 2022-09-08 23:23:26">2022-09-08</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/Arch-Linux%E6%8A%98%E8%85%BE/">Arch Linux折腾</a></span></div><div class="content">Navidrome部署记录Navidrome是一款用Go语言写的流媒体窜流平台，前端基于React,使用的接口标准基于SubSonic，所以凡是支持这个标准的Android，IOS应用均能使用。一路的部署流程也十分顺利。
我采用的方案是阿里云盘本地只读映射到磁盘，Navidrome使用Docker快速部署
阿里云盘映射使用aliyundrive-fuse，感觉作者拿它的用途应该和我是一致的，用screen命令挂在后台
https://github.com/messense/aliyundrive-fuse/releases/tag/v0.1.14
Navidrome Dokcer-compose部署文件1234567891011121314151617181920version: &quot;3&quot;services:  navidrome:    container_name: navidrome    image: deluan/navidrome:latest    user: 0:0 #0:0代表用root用户运行    ports:      - &quot;4533: ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/posts/4404.html" title="长安杯2021-snake复现"><img class="post_bg" src="https://pic.rmb.bdstatic.com/bjh/42f941b57179f20a17b66b81136affb8.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="长安杯2021-snake复现"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/4404.html" title="长安杯2021-snake复现">长安杯2021-snake复现</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2022-08-20T15:30:26.000Z" title="发表于 2022-08-20 23:30:26">2022-08-20</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/CTF%E9%A2%98%E8%A7%A3/">CTF题解</a></span></div><div class="content">长安杯2021-snake复现这次复现可以加强对IDA使用的理解
全网只搜到了这个人的文章：
2021长安杯—snake题解
另外一篇是这个人在博客园上的发帖
整个复现过程并不顺利，因为帖子只讲了原理，没有具体到步骤的介绍，IDA操作不熟练直接GG，我摸索了一天才复现成功。
最主要的地方在于，那篇帖子其实是用了IDA的远程调试的，然而通篇没有任何提示。静态分析完以后，发现也可以直接静态patch出解
环境准备IDA Pro 7.6
无keypatch插件
正文在NSSCTF下载附件
把文件拖进IDA64分析逻辑

在一个while（1）里，有三个跳到LABEL13（Game Over），可以进行修改（尽管从结果来看并没有必要），里面有个LABEL17可以跳出循环
这里就会遇到第一种情况：F5后的C语言是不能直接修改汇编的
这时候，你需要先开启一个子窗口
view-open subviews-disassembly
右键选择Synchronize with，这样C语言的指令就会导向汇编的窗口，就可以在汇编的窗口上面打补丁 

就会产生绿色的光标，与右边同步

由于中间太长，直接跳到最下面 ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/posts/957e.html" title="报告概要翻译：OBFUSCATING C++ PROGRAMS VIA CONTROL FLOW FLATTENING"><img class="post_bg" src="https://pic.rmb.bdstatic.com/bjh/b7a34f08ace78bce581479be23d9fa2a.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="报告概要翻译：OBFUSCATING C++ PROGRAMS VIA CONTROL FLOW FLATTENING"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/957e.html" title="报告概要翻译：OBFUSCATING C++ PROGRAMS VIA CONTROL FLOW FLATTENING">报告概要翻译：OBFUSCATING C++ PROGRAMS VIA CONTROL FLOW FLATTENING</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2022-08-16T02:30:26.000Z" title="发表于 2022-08-16 10:30:26">2022-08-16</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E6%97%A5%E5%B8%B8%E7%AC%94%E8%AE%B0/">日常笔记</a></span></div><div class="content">报告概要翻译：OBFUSCATING C++ PROGRAMS VIA CONTROL FLOW FLATTENING中文译名：通过扁平控制流的混淆的C ++程序
这篇文章写于2009年，作者是T. László 和 Á. Kiss，是一切OLLVM技术的初始，在不少博客和文章中均有提及。将顺序的流程变为利用switch-case这种分支判断的扁平运行，给软件逆向增加难度。目前看到最多的使用环境是加密Android的C++ NDK程序库。
OLLVM（Obfuscator-LLVM）是瑞士西北应用科技大学安全实验室于2010年6月份发起的一个项目，该项目旨在提供一套开源的针对LLVM的代码混淆工具，以增加逆向工程的难度。
腾讯应急安全响应中心-利用符号执行去除控制流平坦化
看雪社区-控制流平坦化的实现

摘要利用混淆技术保护 C++ 源代码，并在文章中给出一个能把程序复杂度提高5倍，且并不影响原有功能的技术原型方案。
实现平坦化的方法：将代码分成多个基本块（就是case代码块）和一个入口块，为每个基本块编号，并让这些基本块都有共同的前驱模块和后继模块。前驱模块主要是进行基 ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/posts/a3ce.html" title="从零开始的Django CVE-2022-28346复现"><img class="post_bg" src="https://pic.rmb.bdstatic.com/bjh/29237cc6d142cd24900c87c3da00f2b3.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="从零开始的Django CVE-2022-28346复现"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/a3ce.html" title="从零开始的Django CVE-2022-28346复现">从零开始的Django CVE-2022-28346复现</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2022-08-14T03:26:26.000Z" title="发表于 2022-08-14 11:26:26">2022-08-14</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E6%97%A5%E5%B8%B8%E7%AC%94%E8%AE%B0/">日常笔记</a></span></div><div class="content">从零开始的Django CVE-2022-28346复现
本篇适合有Django开发基础，但没有SQL注入经验的人阅读

Django的SQL漏洞，一直以为Django的ORM不会有漏洞，直到我看了Django的官方漏洞列表，每隔几个月就有修补……
Django安全问题档案

4月份的修补，热热还能吃，CNVD评价是高危，看看怎么回事
描述
漏洞编号：CVE-2022-28346
当精心构造的字典经字典展开、以**kwargs的形式传给QuerySet.annotate()、aggregate()和extra()这些方法时，字典的键会被当作列别名使用，从而使这些方法在列别名处受到SQL注入攻击

不懂发生了什么，拉个靶场看一下情况
影响版本
Django Django &gt;&#x3D;2.2，&lt;2.2.28；Django Django &gt;&#x3D;3.2，&lt;3.2.13；Django Django &gt;&#x3D;4.0，&lt;4.0.4

官方PR修补
[3.2.x] Fixed CVE-2022-28346 – Protected QuerySet.annotate(), aggreg…
 ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/posts/8c05.html" title="2022CISCN(西北区赛)-The shinning"><img class="post_bg" src="https://pic.rmb.bdstatic.com/bjh/4438a0fcba2aebee575617d3b157d5dd.jpeg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="2022CISCN(西北区赛)-The shinning"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/8c05.html" title="2022CISCN(西北区赛)-The shinning">2022CISCN(西北区赛)-The shinning</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2022-08-07T13:26:26.000Z" title="发表于 2022-08-07 21:26:26">2022-08-07</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/CTF%E9%A2%98%E8%A7%A3/">CTF题解</a></span></div><div class="content">2022CISCN(西北区赛)-The shinning一道取证题目，学习一下如何解出这种套娃题目

本文已转载到个人公众号与看雪社区

vol2做法当时开着kali虚拟机做的(Volatility 2.6)，以下图片来自当时交给赛事方的wp
1volatility -f USER-PC-20220606-064535.raw --profile=Win7SP1x64 filescan | grep &quot;Desktop&quot; 


发现有7z和rar各一个，用volatility工具提取出文件
12volatility -f USER-PC-20220606-064535.raw --profile=Win7SP1x64 dumpfiles -Q 0x000000007f66b700 --dump-dir=./ -uvolatility -f USER-PC-20220606-064535.raw --profile=Win7SP1x64 dumpfiles -Q 0x000000007e2260f0 --dump-dir=./ -u

修改提取出来的dat为rar和7z ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/posts/1912.html" title="Docker+QEMU+Arm64(Ubuntu)+环境配置（2022版）"><img class="post_bg" src="https://pic.rmb.bdstatic.com/bjh/bfd286e9b95710fc6990cf84ec39234d.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Docker+QEMU+Arm64(Ubuntu)+环境配置（2022版）"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/1912.html" title="Docker+QEMU+Arm64(Ubuntu)+环境配置（2022版）">Docker+QEMU+Arm64(Ubuntu)+环境配置（2022版）</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2022-08-05T13:26:26.000Z" title="发表于 2022-08-05 21:26:26">2022-08-05</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/Arch-Linux%E6%8A%98%E8%85%BE/">Arch Linux折腾</a></span></div><div class="content">Docker+QEMU+Arm64(Ubuntu)+环境配置（2022版）把multiarch&#x2F;qemu-user-static特权提升，就可以在x86_64使用其他架构的镜像
1docker run --rm --privileged multiarch/qemu-user-static --reset --persistent yes

测试下arm64的镜像能不能运行
1docker run --rm -t arm64v8/ubuntu

OK,成功了，装个neofetch发了个截图到群里

配置源需要补装一个ca-certificates才能使用https的源
1apt install ca-certificates

选用北外源
12345678deb https://mirrors.bfsu.edu.cn/ubuntu-ports/ focal main restricted universe multiverse# deb-src https://mirrors.bfsu.edu.cn/ubuntu-ports/ focal main restricted un ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/posts/98a4.html" title="Arch Linux运行树莓派系统（2022年）"><img class="post_bg" src="https://pic.rmb.bdstatic.com/bjh/80fc04a5804dc732ccf6447707d44a64.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Arch Linux运行树莓派系统（2022年）"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/98a4.html" title="Arch Linux运行树莓派系统（2022年）">Arch Linux运行树莓派系统（2022年）</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2022-08-03T11:26:26.000Z" title="发表于 2022-08-03 19:26:26">2022-08-03</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/Arch-Linux%E6%8A%98%E8%85%BE/">Arch Linux折腾</a></span></div><div class="content">Arch Linux运行树莓派系统（2022年）需要安装QEMU及其相应的aarch64虚拟包，具体安装方法已经忘了，网上应该能搜得到（比如Arch wiki），本篇主要内容是树莓派系统镜像的提取
Arch wiki QEMU
参考国外的脚本（注意，稍微做了一丢丢修改，适应QEMU7.0的配置），把树莓派的dtb和kernel提取出来，启动镜像
https://gist.githubusercontent.com/Ch0pin/191007e621e806a6283d5ec5416b8847/raw/1be4b0d62c526eff245734ed38b034fabc8448e2/rasp
1234567891011121314151617181920pwn@host$ mkdir aarch64_tests &amp;&amp; cd aarch64_testspwn@host$ wget https://downloads.raspberrypi.org/raspios_arm64/images/raspios_arm64-2022-01-28/2022-01-28-raspios ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/posts/5de9.html" title="2022CISCN初赛-ez_usb-复盘WriteUp"><img class="post_bg" src="https://pic.rmb.bdstatic.com/bjh/e5b11171970586d1877387e695d7ff6c.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="2022CISCN初赛-ez_usb-复盘WriteUp"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/5de9.html" title="2022CISCN初赛-ez_usb-复盘WriteUp">2022CISCN初赛-ez_usb-复盘WriteUp</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2022-07-06T15:45:26.000Z" title="发表于 2022-07-06 23:45:26">2022-07-06</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/CTF%E9%A2%98%E8%A7%A3/">CTF题解</a></span></div><div class="content">2022CISCN初赛 ez_usb 复盘WriteUp前言本篇首发于看雪社区
发现看雪社区对带有图片markdown非常友好，开始有点想把我博客迁过去了
本篇所有图片都挂载在看雪社区的图床下
前期准备USB协议规范123l USB UARTl USB HIDl USB Memory

最上面这个就是标准的串口实现，可以通过USB连接STM32或ESP8266这些MCU
中间这个可以做BadUSB（实现键盘模拟输入）
最下面这个应该是访问U盘
每一种USB设备，尤其是人机交互设备和存储设备，都有一串特殊的数字，这串数字被称为厂商ID和产品ID。这两个数字一般是成对出现的。厂商ID用于标明该产品是由哪一个制造商所生产的，而产品ID是产品的标识符。
有关协议的详细说明：USB初学（一）—USB-HID的初步认识【转】
HID设备的描述符除了5个USB的标准描述符（设备描述符、配置描述符、接口描述符、端点描述符、字符串描述符）外，还包括三个HID设备类特定的描述符：HID描述符、报告描述符、实体描述符。
　　除了HID的三个特定描述符组成对HID设备的解释外，5个标准描述符中与HID设备有关 ...</div></div></div><nav id="pagination"><div class="pagination"><a class="extend prev" rel="prev" href="/"><i class="fas fa-chevron-left fa-fw"></i></a><a class="page-number" href="/">1</a><span class="page-number current">2</span><a class="page-number" href="/page/3/#content-inner">3</a><span class="space">&hellip;</span><a class="page-number" href="/page/7/#content-inner">7</a><a class="extend next" rel="next" href="/page/3/#content-inner"><i class="fas fa-chevron-right fa-fw"></i></a></div></nav></div><div class="aside-content" id="aside-content"><div class="card-widget card-info"><div class="is-center"><div class="avatar-img"><img src="/img/head.jpg" onerror="this.onerror=null;this.src='/img/friend_404.gif'" alt="avatar"/></div><div class="author-info__name">MocusEZ</div><div class="author-info__description">探索未曾设想的道路</div></div><div class="card-info-data site-data is-center"><a href="/archives/"><div class="headline">文章</div><div class="length-num">61</div></a><a href="/tags/"><div class="headline">标签</div><div class="length-num">0</div></a><a href="/categories/"><div class="headline">分类</div><div class="length-num">8</div></a></div><div class="card-info-social-icons is-center"><a class="social-icon" href="https://github.com/mocusez" rel="external nofollow noreferrer" target="_blank" title="Github"><i class="fab fa-github"></i></a><a class="social-icon" href="mailto:285918468@qq.com" rel="external nofollow noreferrer" target="_blank" title="Email"><i class="fas fa-envelope"></i></a><a class="social-icon" href="/atom.xml" target="_blank" title="RSS"><i class="fas fa-rss"></i></a></div></div><div class="card-widget card-announcement"><div class="item-headline"><i class="fas fa-bullhorn fa-shake"></i><span>公告</span></div><div class="announcement_content">迎接新的明天</div></div><div class="sticky_layout"><div class="card-widget card-recent-post"><div class="item-headline"><i class="fas 
fa-history"></i><span>最新文章</span></div><div class="aside-list"><div class="aside-list-item"><a class="thumbnail" href="/posts/3e9f.html" title="RMM观察与初探"><img src="https://z1.ax1x.com/2023/10/21/piF47TA.md.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="RMM观察与初探"/></a><div class="content"><a class="title" href="/posts/3e9f.html" title="RMM观察与初探">RMM观察与初探</a><time datetime="2023-10-21T04:30:00.000Z" title="发表于 2023-10-21 12:30:00">2023-10-21</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/posts/5e44.html" title="计算机网络课设——UDP/TCP/TLS Socket实验"><img src="https://s1.ax1x.com/2023/09/09/pP6qXOU.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="计算机网络课设——UDP/TCP/TLS Socket实验"/></a><div class="content"><a class="title" href="/posts/5e44.html" title="计算机网络课设——UDP/TCP/TLS Socket实验">计算机网络课设——UDP/TCP/TLS Socket实验</a><time datetime="2023-09-09T07:10:00.000Z" title="发表于 2023-09-09 15:10:00">2023-09-09</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/posts/cd44.html" title="JQuery的XSS初探"><img src="https://s1.ax1x.com/2023/09/08/pPyvO0O.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="JQuery的XSS初探"/></a><div class="content"><a class="title" href="/posts/cd44.html" title="JQuery的XSS初探">JQuery的XSS初探</a><time datetime="2023-09-08T04:30:00.000Z" title="发表于 2023-09-08 12:30:00">2023-09-08</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/posts/5862.html" title="生产实习记录"><img src="https://s1.ax1x.com/2023/09/02/pPBH058.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="生产实习记录"/></a><div class="content"><a class="title" href="/posts/5862.html" title="生产实习记录">生产实习记录</a><time datetime="2023-09-02T13:51:00.000Z" title="发表于 2023-09-02 21:51:00">2023-09-02</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/posts/9a9b.html" title="Fedora-CoreOS配置与试用（2023年）"><img src="https://s1.ax1x.com/2023/08/28/pPa8tlF.png" 
onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Fedora-CoreOS配置与试用（2023年）"/></a><div class="content"><a class="title" href="/posts/9a9b.html" title="Fedora-CoreOS配置与试用（2023年）">Fedora-CoreOS配置与试用（2023年）</a><time datetime="2023-08-28T11:35:00.000Z" title="发表于 2023-08-28 19:35:00">2023-08-28</time></div></div></div></div><div class="card-widget card-categories"><div class="item-headline">
            <i class="fas fa-folder-open"></i>
            <span>分类</span>
            
            </div>
            <ul class="card-category-list" id="aside-cat-list">
            <li class="card-category-list-item "><a class="card-category-list-link" href="/categories/Arch-Linux%E6%8A%98%E8%85%BE/"><span class="card-category-list-name">Arch Linux折腾</span><span class="card-category-list-count">4</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/CTF%E9%A2%98%E8%A7%A3/"><span class="card-category-list-name">CTF题解</span><span class="card-category-list-count">7</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/Security%E7%AC%94%E8%AE%B0/"><span class="card-category-list-name">Security笔记</span><span class="card-category-list-count">2</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/Termux%E7%AC%94%E8%AE%B0/"><span class="card-category-list-name">Termux笔记</span><span class="card-category-list-count">3</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E5%AD%A6%E4%B9%A0%E8%B5%84%E6%96%99/"><span class="card-category-list-name">学习资料</span><span class="card-category-list-count">4</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%97%A5%E5%B8%B8%E7%AC%94%E8%AE%B0/"><span class="card-category-list-name">日常笔记</span><span class="card-category-list-count">38</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95%E7%AC%94%E8%AE%B0/"><span class="card-category-list-name">渗透测试笔记</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E7%94%A8%E8%BF%87%E5%B0%B1%E4%B8%A2%E7%9A%84%E4%B8%9C%E8%A5%BF/"><span class="card-category-list-name">用过就丢的东西</span><span class="card-category-list-count">2</span></a></li>
            </ul></div><div class="card-widget card-archives"><div class="item-headline"><i class="fas fa-archive"></i><span>归档</span><a class="card-more-btn" href="/archives/" title="查看更多">
    <i class="fas fa-angle-right"></i></a></div><ul class="card-archive-list"><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/10/"><span class="card-archive-list-date">十月 2023</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/09/"><span class="card-archive-list-date">九月 2023</span><span class="card-archive-list-count">3</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/08/"><span class="card-archive-list-date">八月 2023</span><span class="card-archive-list-count">2</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/06/"><span class="card-archive-list-date">六月 2023</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/02/"><span class="card-archive-list-date">二月 2023</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/01/"><span class="card-archive-list-date">一月 2023</span><span class="card-archive-list-count">3</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2022/09/"><span class="card-archive-list-date">九月 2022</span><span class="card-archive-list-count">2</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2022/08/"><span class="card-archive-list-date">八月 2022</span><span class="card-archive-list-count">6</span></a></li></ul></div><div class="card-widget card-webinfo"><div class="item-headline"><i class="fas fa-chart-line"></i><span>网站资讯</span></div><div class="webinfo"><div class="webinfo-item"><div class="item-name">文章数目 :</div><div class="item-count">61</div></div><div class="webinfo-item"><div class="item-name">已运行时间 
:</div><div class="item-count" id="runtimeshow" data-publishDate="2019-11-30T16:00:00.000Z"><i class="fa-solid fa-spinner fa-spin"></i></div></div><div class="webinfo-item"><div class="item-name">本站访客数 :</div><div class="item-count" id="busuanzi_value_site_uv"><i class="fa-solid fa-spinner fa-spin"></i></div></div><div class="webinfo-item"><div class="item-name">本站总访问量 :</div><div class="item-count" id="busuanzi_value_site_pv"><i class="fa-solid fa-spinner fa-spin"></i></div></div><div class="webinfo-item"><div class="item-name">最后更新时间 :</div><div class="item-count" id="last-push-date" data-lastPushDate="2023-10-21T04:23:56.038Z"><i class="fa-solid fa-spinner fa-spin"></i></div></div></div></div></div></div></main><footer id="footer"><div id="footer-wrap"><div class="copyright">&copy;2019 - 2023 By MocusEZ</div><div class="framework-info"><span>框架 </span><a target="_blank" rel="noopener external nofollow noreferrer" href="https://hexo.io">Hexo</a><span class="footer-separator">|</span><span>主题 </span><a target="_blank" rel="noopener external nofollow noreferrer" href="https://github.com/jerryc127/hexo-theme-butterfly">Butterfly</a></div><div class="footer_custom_text"><a href="http://beian.miit.gov.cn/" rel="external nofollow noreferrer"  style="color:#f72b07" target="_blank">闽ICP备2021003009号</a></div></div></footer></div><div id="rightside"><div id="rightside-config-hide"><button id="darkmode" type="button" title="浅色和深色模式转换"><i class="fas fa-adjust"></i></button><button id="hide-aside-btn" type="button" title="单栏和双栏切换"><i class="fas fa-arrows-alt-h"></i></button></div><div id="rightside-config-show"><button id="rightside_config" type="button" title="设置"><i class="fas fa-cog fa-spin"></i></button><button id="go-up" type="button" title="回到顶部"><i class="fas fa-arrow-up"></i></button></div></div><div id="local-search"><div class="search-dialog"><nav class="search-nav"><span class="search-dialog-title">搜索</span><span id="loading-status"></span><button 
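class="search-close-button"><i class="fas fa-times"></i></button></nav><div class="is-center" id="loading-database"><i class="fas fa-spinner fa-pulse"></i><span>  数据库加载中</span></div><div class="search-wrap"><div id="local-search-input"><div class="local-search-box"><input class="local-search-box--input" placeholder="搜索文章" type="text"/></div></div><hr/><div id="local-search-results"></div></div></div><div id="search-mask"></div></div><div><script src="/js/utils.js"></script><script src="/js/main.js"></script>
<!-- The Fancybox bundle below comes from a public CDN with no exact version in the URL and no integrity attribute, so whatever the CDN serves runs with full access to this page. Pin an exact release and add integrity="sha384-PLACEHOLDER_HASH_OF_REVIEWED_FILE" crossorigin="anonymous", or self-host the file. -->
<script src="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.umd.min.js"></script><script src="/js/search/local-search.js"></script><div class="js-pjax"><script>
/**
 * Render the subtitle inside the #subtitle element.
 *
 * With the typing effect enabled, the strings are handed to Typed.js and the
 * instance is stored on window.typed; otherwise the first string is written
 * once as plain text.
 */
function subtitleType () {
  // Constant emitted into the page; presumably the generator's switch for the typing effect.
  if (true) {
    // NOTE(review): Typed.js presumably treats these strings as HTML by default;
    // keep them static and trusted, or set its content type to plain text. Confirm against the loaded version.
    window.typed = new Typed("#subtitle", {
      strings: ["初看前路近可至，细思百事竞待忙","认知，信条，教导"],
      startDelay: 300,
      typeSpeed: 150,
      loop: true,
      backSpeed: 50
    })
  } else {
    // The subtitle is plain text, so write it with textContent: the value is
    // never parsed as markup, even if the configured string later contains "<".
    document.getElementById("subtitle").textContent = '初看前路近可至，细思百事竞待忙'
  }
}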

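// Start the subtitle animation, loading Typed.js first when it is not on the page yet.
if (true) {
  if (typeof Typed === 'function') {
    subtitleType()
  } else {
    // NOTE(review): this URL names no exact version, so the CDN decides which
    // release executes here. Pin an exact version; getScript is defined outside
    // this script, so whether it can pass an integrity value is unknown. Confirm.
    getScript('https://cdn.jsdelivr.net/npm/typed.js/lib/typed.min.js').then(subtitleType)
  }
} else {
  subtitleType()
}</script></div><script>
// DaoVoice bootstrap: registers window.daovoice as a call queue, then injects
// the vendor widget script ahead of the first <script> element.
// The widget is always requested over https. The original picked http whenever
// the page itself was served over http, which let anyone on the network path
// replace a script that runs with full access to this page.
(function (win, doc, tag, src, name) {
  win["DaoVoiceObject"] = name;
  // Calls made before the widget has loaded are queued on daovoice.q.
  win[name] = win[name] || function () {
    (win[name].q = win[name].q || []).push(arguments);
  };
  win[name].l = 1 * new Date();
  var loader = doc.createElement(tag);
  var firstScript = doc.getElementsByTagName(tag)[0];
  loader.async = 1;
  loader.src = src;
  loader.charset = "utf-8";
  firstScript.parentNode.insertBefore(loader, firstScript);
})(window, document, "script", "https://widget.daovoice.io/widget/1df8ba05.js", "daovoice")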
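</script><script>
// Constant emitted into the page; when true, a page element with id "chat_btn"
// opens the chat and the vendor's floating launcher icon is disabled.
var isChatBtn = false
// Initialise the DaoVoice widget. app_id is the same public widget id that
// appears in the loader URL.
daovoice('init', {
  app_id: '1df8ba05',},{
  launcher: { 
     disableLauncherIcon: isChatBtn // controls the floating icon (true disables it)
  },
});
daovoice('update');

if (isChatBtn) {
  // Wire the custom chat button to open the DaoVoice panel.
  var chatBtnFn = () => {
    var chatBtn = document.getElementById("chat_btn")
    chatBtn.addEventListener("click", function(){
      daovoice('show')
    });
  }
  chatBtnFn()
} else {
  // Never entered as generated (constant false); the helpers toggle the floating launcher icon.
  if (false) {
    function chatBtnHide () {
      daovoice('update', {},{
        launcher: { 
        disableLauncherIcon: true // controls the floating icon (true disables it)
        },
      });
    }
    function chatBtnShow () {
      daovoice('update', {},{
        launcher: { 
        disableLauncherIcon: false // controls the floating icon (true disables it)
        },
      });
    }
  }
}</script>
<!-- Third-party visitor counter. It is requested over https explicitly instead of with a protocol-relative URL, so it is never fetched in clear text when the page is reached over http. The script still runs with full access to this page: self-host a reviewed copy, or add integrity="sha384-PLACEHOLDER_HASH_OF_REVIEWED_FILE" crossorigin="anonymous" once the host is confirmed to send CORS headers. -->
<script async data-pjax src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script></div></body></html>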